Security Incident


Report Problem
Lost/Stolen Device

VPN


Login to vpn@ucsf
VPN Help

Help


Login to help@ucsf
email us
Call (415) 514-4100,
option 2




Advanced Search
Recent Changes

Sophos FAQ

This document details frequently asked questions for the Sophos AntiVirus software client. If you have an issue or question regarding Sophos and it is not answered here please contact the Help Desk and they will be happy to assist you.

You can read through the sections or jump directly to the section you need:

General Questions
Windows Questions
MacOS X Questions
Non-Supported Platform Questions

General Questions

What is a Computer Virus?

A virus is a program designed to corrupt (and copy itself into) other programs and alter the way they work. The impact of viruses can range from making your computer crash during certain operations, to deleting important files, possibly rendering your computer inoperable.

What is Sophos?

Sophos is an anti-virus program that protects your computer from viruses that may try to enter your computer via email, downloads or disk media.

Why do I need Anti-Virus Software?

Computer viruses, worms, trojans and other software packages slow computer performance, make computers less reliable and often damage information. Many virus packages give remote control of your computer to an unknown entity on the Internet who will then use it to attack other computers, send out SPAM or share illegal files without your knowledge.

Even if you don’t think your computer is important enough to protect ask yourself these questions: How much trouble would it be if I had to erase my computer and reinstall all of my programs? Could data be exposed or damaged? What if my computer was used to attack other computers? Are the files on my computer important to me? The answers to those questions is generally not good, it’s everyone’s responsibility to make sure their computers are protected and OAAIS makes it easy to get started with the software we offer.

How much does Sophos cost?

Sophos is provided as part of your membership in the UCSF community and does not have an additional fee.

Who can use Sophos?

Sophos can be used by UCSF Faculty, Staff, Student or Affiliate working on UCSF business as well as on the home systems of the same. The goal of the Spy Sweeper program is to protect the electronic information resources of UCSF and protecting individual computers is the first step.

Why does the download page ask me if I will use Sophos on the Campus Network?

If you are offsite more then 50% of the time we provide a standalone version of Sophos. This allows you receive updates directly from Sophos.com update server.

How often does Sophos update its virus definitions?

Every 90 minutes.

How is the UCSF Sophos Different from other anti-virus programs?

The UCSF Sophos is centrally managed it provides anti-virus definition updates. This means you do not have to worry about a subscription running out.

I turn my computer off at night and I see that the full system scan is scheduled for 11:00 PM. Will the full scan run when my computer turns back on?

No. If you want to run a full system scan when you turn your computer on, you must open the Sophos client and select Scan Local Disks.

How can I set up a full system scan for a different schedule?

You can only set up scheduled scans if your user account is a member of the Sophos Administrators Group in your computer’s Users and Groups definition. If you were logged in as an administrator of your computer when you installed Sophos, your account was automatically added to the Sophos Administrators Group. Please refer to the Sophos User’s Guide, page 10, for instructions in setting up and scheduling a scan.

Do I have to manually update this version of Sophos?

No, the Sophos client automatically receives updates from the OAAIS web server.

What if my computer is unable to reach the UCSF Sophos server? Will it still get updates?

Yes, if your computer has access to the internet but is unable to reach the UCSF Sophos server, it will receive updates from the Sophos corporate web server.

I run a hardware firewall. What ports do I need to allow for the Sophos client to get its updates automatically and correctly communicate with the management console?

The Sophos Remote Management Service uses ports 8192, 8193 and 8194 to communicate with the Management Console to which it is assigned. The consoles are eis-sav-con1, 169.230.50.15; eis-sav-con2, 169.230.50.16. You can determine which management console your client is pointed at by the file name from which you installed Sophos. The file names have the console number embedded in them. For example, the file name, UCSFSophosEntAVWinXPCon1, is the UCSF Sophos Enterprise Anti-Virus for Windows 2000, XP and 2003 that will report to the management Console #1. Enter the IP address for Console 1 from the list above. Also, if you restrict Port 80, you need to open it up to http://its.ucsf.edu.

What can I do if I am having problems with Sophos?

Please contact your CSC or OAAIS Customer Support at http://help.ucsf.edu, by email at customersupport@ucsf.edu, or by phone at (415) 514-4100, option 2

Windows Questions

What are the software and hardware requirements for Windows?

Operating System:
Windows 2000 and Server
Windows XP (All versions 32 and 64 bit
Windows 2003 Server
Windows Vista (All versions 32 and 64 bit)

Hardware:
120 MB free disk space
256 MB RAM

How do I uninstall Sophos for Anti Virus on Windows?

Windows 2000, XP, 2003

  1. Open 'Control Panel'
  2. Select 'Add/Remove Programs'
  3. Select 'Sophos Auto Update', click 'Add/Remove', and follow the instructions on the screen
  4. Select 'Sophos Client Firewall', click 'Add/Remove', and follow the instructions on the screen
  5. Select 'Sophos Anti-Virus version', click 'Add/Remove', and follow the instructions on the screen
  6. Select 'Sophos Remote Management System', click 'Add/Remove', and follow the instructions on the screen.

Windows Vista

  1. Open 'Control Panel'
  2. Select 'Programs and Features'
  3. Select 'Sophos Auto Update', click 'Uninstall', and follow the instructions on the screen
  4. Select 'Sophos Anti-Virus version', click 'Uninstall', and follow the instructions on the screen
  5. Select 'Sophos Remote Management System', click 'Uninstall', and follow the instructions on the screen.

My department is running Symantec Enterprise Anti-Virus. Is there anything special we need to do before installing Sophos Enterprise Anti-Virus?

Yes. After removing the Symantec Enterprise Anti-Virus client on the workstations, you must run a Symantec script to completely purge all leftover Symantec settings from the registry. Otherwise, Sophos will not install and perform correctly. Please contact Symantec Support to obtain the correct script for the version of Symantec Enterprise Anti-Virus you are running.

I have a red circle with a white x in it showing up on my Sophos Shield in the System Tray. What does that mean?

This can mean your Sophos client is not receiving updates from any server, or the Remote Management Service was unable to receive an update from the OAAIS web server but the Sophos Enterprise Anti-Virus may have received updates from the Sophos Corporate web server. The Sophos Corporate web server does not provide updates to the Remote Management Agent which causes the error indication to display. To determine which instance is the case, please follow the instructions for viewing the Auto-Update Log in this FAQ.

How do I view the log for my Sophos client?

Right click on the blue Sophos shield that should be in your System Tray and select, Configure Updating, from the pop up menu. In the “Properties for Sophos Autoupdate” box, select the tab labeled, Logging. There is a button on the Logging tab labeled, View Log File. In that log file you will be able to see the status of the auto-update process and the server from which it is successfully receiving updates.

I run the campus Sygate Firewall. Is there anything I have to do to allow Sophos to receive updates and communicate with the Sophos Management Console?

No, Sygate is configured to allow all the communications required for Sophos to update.

I run a firewall other than Sygate. What do I need to do to allow Sophos to correctly communicate with the update and management servers?

Yes, you need to allow the same ports as are listed in the Hardware Firewall FAQ above and, you may need to allow the following Sophos applications access to the network:

For Windows 2000/XP/2003/Vista:

        RouterNT.exe
        AutoupdateAgentNT.exe
        ManagementAgentNT.exe

MacOS X Questions

What are the software and hardware requirements for Mac?

Operating System:
Mac OS X 10.2.8, 10.3, 10.4

Hardware:
Intel and PPC Macs
77 MB free disk space
128 MB or more RAM

How do I uninstall Sophos for Anti Virus on OS X?

You will need to enter an administrator username and password to run the uninstaller.

  1. Go to Macintosh HD|Library|Application Support|Sophos Anti-Virus
  2. Open 'SAV Uninstaller'
  3. Follow the instructions on the screen.

Non-Supported Platform Questions

Is Sophos available for any other platforms?

Yes, we have clients for the following non-supported systems.

Windows:
Windows 95
Windows 98
Windows ME
Windows NT 4

Linux on Intel:
Red Hat 5.1/5.2/6.0/6.1/7.2/8/9
RHEL 2.1/3/4
SUSE 6/7/8/9.0/9.1/9.2/9.3/10.0
Enterprise Server 8/9
TurboLinux 6/7/8/10Free BSD 3, 4.5

FreeBSD:
3.0/3.4/4.0/4.5/4.8/5.1/5.2/5.3/5.4/6 on Intel
6.0 on AMD64

HP-UX:
10.20/11.0/11.11/11.23 on HP-PA
11.22/11.23 on Itanium 2

AIX:
4.2/5.1/5.2/5.3 on PowerPC

Solaris:
Solaris 7/8/9/10 on Intel
Solaris 8/9/10 on SPARC

For more details please see:
Windows
http://www.sophos.com/products/enterprise/endpoint/security-and-control/windows/sysreqs.html

Linux
http://www.sophos.com/products/enterprise/endpoint/security-and-control/linux/sysreqs.html

UNIX
http://www.sophos.com/products/enterprise/endpoint/security-and-control/unix/sysreqs.html

Please tell us what you think of our new website